Package: chocolate-doom Version: 2.1.0-1 Severity: serious Justification: license issue
Chocolate-doom includes code taken from GnuPG, which is GPLv3, whereas chocolate-doom is GPLv2 (or later). Upstream have fixed this by replacing the AES implementation with one from the kernel. See https://github.com/chocolate-doom/chocolate-doom/commit/b3678129fd7bed6c3287ab682819b075e8bf495a For ref, the first commit introducing this code is commit a3b3e15f4eed9aaffc56be69784cd7447cf456de Author: Simon Howard <[email protected]> Date: Sat Oct 27 06:10:50 2012 +0000 The first released version to include that commit is 2.0.0, meaning only jessie and onwards are impacted. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
